Articles tagged: #macos

Detecting syscall abuse with macOS Endpoint Security in 2026

Endpoint Security is the modern, supported path for syscall-level detection on macOS — but its event taxonomy doesn't map 1-to-1 with syscalls. Here's the practical mapping for security work.

5/29/2026

endpoint-securitymacosedrsecurity

Tracing macOS syscalls with dtrace on Apple Silicon

A practical guide to using DTrace to trace BSD syscalls and Mach traps on modern macOS — including SIP requirements, working scripts, and what to do when Apple's syscall probes go missing.

5/27/2026

dtracemacossyscallstracing

How macOS syscalls work in 2026

What actually happens when an arm64 Mac program issues an SVC instruction — from the user-space stub down to the BSD syscall dispatcher and back.

5/25/2026

macosxnusyscallsarm64